Some interesting data points presented recently at the Messaging Anti-Abuse Working Group conference point towards a set of email users that are either clueless or Evel Knievel risk takers:
- Roughly half of survey respondents had opened a spam message at one time or another
- 1 in 10 have either clicked on links or downloaded attachments from spam messages
- 1 in 5 opened the message “to see what would happen”
- 4% replied to the messages and another 4% forwarded them to other people
All this points towards a large pool of at risk email users. Here at Save the Mail though, we are of the opinion (and we think most would agree) that users as a whole aren’t the email idiots this study would have you believe. Sure, there are some bad apples but there are, and have always been, the exceptions. Given a choice most users will apply the prudent email best practice that IT has been extolling for years:
Don’t open email from sources you don’t recognize.
At Save the Mail we believe the better solution is:
Don’t accept email from sources you don’t know (or want).
Ultimately we need to change the conversation. Rather than putting in solutions which keep the bad mail out, how about a solution that only allows the good mail in? If we let users decide who they want to email the "crap" doesn’t have a chance. Again, (other than the bad apples) when was the last time you received spam from someone you trusted? Yes, it happens, but again, it’s extremely rare. And if the message happens to have a virus then any good anti-spam solution is going to detect the virus and prevent delivery of the message.
Granted this is only possible when the right solution in place, but this is still the ideal scenario. When email users are given the ability to choose who to receive email from, you are far safer than when you either a) accept all inbound email messages or b) “guess” as to what is, or isn’t, good and bad.
And letting users decide gives IT a chance to spend their time on more important tasks. How much money is wasted by IT people digging through spam folders looking for the latest “most important email ever”? Why not let users do this? Remember, with the right solution users can only release clean messages from people they trust so, really, what’s the harm?
There will always be IT support stories about the latest “the user did what?” But with a whole new generation entering the work force, we will start seeing a shift towards users who have spent their whole life with email, the internet and social networks like LinkedIn and Facebook. This shift in the work force will not be without it’s challenges but explaining how to use email will not be one of them. Why not shift the anti-spam strategy now and let users decide?